My bank: “your password is too long, please choose a new password.”

Should never be an error message, ever.

@nixCraft It suggests that they don’t use a hash to store your password. 🤮 #redflag

@fubaroque @nixCraft

Not necessarily. There are legitimate performance considerations to using too long passwords, since they increase the burden on the authenticating server.

A 32 character limit is too low though.
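An added illustration of the point above, written for this page and not posted by anyone in the thread: a generous byte cap bounds the server's hashing cost, while a salted hash stores a fixed-length record whatever the input length, so a 32-character limit is never needed. The policy values, function names and iteration count are assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed policy values, constructed for this example and not taken from the
# thread: the cap is measured in UTF-8 bytes and set far above 32 characters,
# so it bounds server-side hashing work without rejecting long passphrases.
MIN_CHARS = 12
MAX_BYTES = 1024
SALT_BYTES = 16
PBKDF2_ITERATIONS = 200_000


def check_password_policy(password: str) -> Optional[str]:
    """Return an error message, or None if the password is acceptable."""
    if len(password) < MIN_CHARS:
        return f"password must be at least {MIN_CHARS} characters"
    if len(password.encode("utf-8")) > MAX_BYTES:
        # The only length-related rejection: a bound on hashing cost, not a
        # 32-character limit that hints at fixed-width plaintext storage.
        return f"password must be at most {MAX_BYTES} bytes"
    return None


def hash_password(password: str, salt: Optional[bytes] = None) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; the stored record is always the same length."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS, dklen=32
    )
    return salt + digest  # 48 bytes whether the input was 12 chars or 1000


def verify_password(password: str, stored: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, expected = stored[:SALT_BYTES], stored[SALT_BYTES:]
    candidate = hash_password(password, salt)[SALT_BYTES:]
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Constructed sample inputs: too short, 33 chars, 1000 chars, 1200 bytes.
    for pw in ["short", "a" * 33, "a" * 1000, "é" * 600]:
        print(len(pw), check_password_policy(pw) or "ok")
    record = hash_password("correct horse battery staple")
    print(len(record), verify_password("correct horse battery staple", record))
```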

@csdummi @nixCraft After the first round the length is fixed. 🤔

@fubaroque @nixCraft

The password is, after all, sent in plaintext from the browser to server (over HTTPS).

@csdummi @nixCraft And? Does that mean its length needs to be restricted? Uploading documents of a gigabyte doesn’t seem to be a problem… 🤣